3Com Switch 4500G Family Command Reference Guide4500G 24-Port (3CR17761-91) 4500G 48-Port (3CR17762-91) 4500G 24-Port PWR (3CR17771-91) 4500G 48-Port PWR (3CR17772-91)

www.3Com.com Part Number: 10014901 Rev. AB Published: February 2008

3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

Copyright 2006-2008, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time. If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you. UNITED STATES GOVERNMENT LEGEND If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following: All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Coms standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide. Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries. 3Com and the 3Com logo are registered trademarks of 3Com Corporation. Cisco is a registered trademark of Cisco Systems, Inc. Funk RADIUS is a registered trademark of Funk Software, Inc. Aegis is a registered trademark of Aegis Group PLC. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc. All other company and product names may be trademarks of the respective companies with which they are associated. ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to: Establishing environmental performance standards that comply with national legislation and regulations. Conserving energy, materials and natural resources in all operations. Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products. Ensuring that all products can be recycled, reused and disposed of safely. Ensuring that all products are labelled according to recognized environmental standards. Improving our environmental record on a continual basis. End of Life Statement 3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components. Regulated Materials Statement 3Com products do not contain any hazardous or ozone-depleting material.

CONTENTSABOUT THIS GUIDEAbout This Software Version 21 Organization of this Manual 21 Intended Readership 21 Related Documentation 21

ALPHABETICAL LISTING OF COMMANDS COMMAND DESCRIPTIONSaccess-limit 43 accounting 44 accounting default 45 accounting lan-access 47 accounting login 48 accounting optional 50 acl 51 acl 52 activation-key 53 active region-configuration 55 add-member 56 administrator-address 57 apply cost 58 apply cost 60 apply ip-address next-hop 61 apply ipv6 next-hop 62 apply poe-profile 63 apply poe-profile interface 64 apply preference 66 apply preference 68 apply tag 69 apply tag 70 arp check enable 71 arp max-learning-num 72 arp static 73 arp timer aging 74 ascii 75 attribute 76 attribute 78 authentication default 80 authentication lan-access 82 authentication login 83 authentication-mode 85 authorization command 86 authorization default 87 authorization lan-access 89

2

CONTENTS

authorization login 91 auto-build 93 auto-execute command 95 backup startup-configuration 96 binary 97 black-list add-mac 98 black-list delete-mac 99 boot-loader 100 bootrom 101 bootrom-update security-check enable 102 broadcast-suppression 103 build 104 bye 105 bye 106 ca identifier 107 car 108 cd 110 cd 111 cd 112 cdup 113 cdup 114 certificate request entity 115 certificate request from 116 certificate request mode 117 certificate request polling 118 certificate request url 119 check region-configuration 120 checkzero 122 checkzero 124 ciphersuite 125 classifier behavior 126 client-verify enable 127 clock datetime 128 clock summer-time 129 clock timezone 131 close 132 close-mode wait 133 cluster 134 cluster enable 135 cluster switch-to 136 command-privilege level 138 common-name 140 copy 141 copy configuration 142 count 143 country 144 crl check 145 crl update-period 146 crl url 147 cut connection 148

CONTENTS

3

databits 150 datafill 151 datasize 152 debugging 153 default cost 154 default-route originate 155 delete 156 delete 157 delete 158 delete ipv6 static-routes all 160 delete-member 163 delete static-routes all 164 description 165 description 166 description 167 description 168 destination-ip 169 destination-port 170 dhcp enable 171 dhcp relay address-check 172 dhcp relay information enable 173 dhcp relay information format 174 dhcp relay information strategy 175 dhcp relay release 176 dhcp relay security static 177 dhcp relay security tracker 178 dhcp relay server-detect 179 dhcp relay server-group 180 dhcp relay server-select 181 dhcp select relay 182 dhcp-snooping 183 dhcp-snooping trust 184 dir 185 dir 186 dir 187 disconnect 188 display acl 189 display arp 190 display arp ip-address 192 display arp timer aging 193 display boot-loader 194 display bootp client 195 display brief interface 196 display channel 199 display clipboard 201 display clock 202 display cluster 203 display cluster base-topology 205 display cluster black-list 207

4

CONTENTS

display cluster candidates 208 display cluster current-topology 210 display cluster members 212 display connection 214 display cpu-usage 216 display current-configuration 218 display current-configuration 226 display debugging 231 display device 232 display dhcp client 233 display dhcp relay 235 display dhcp relay security 236 display dhcp relay security statistics 237 display dhcp relay security tracker 238 display dhcp relay server-group 239 display dhcp relay statistics 240 display dns domain 242 display dns dynamic host 243 display dns server 244 display domain 245 display diagnostic-information 247 display dot1x 249 display environment 252 display fan 253 display fib 254 display fib ip-address 257 display fib statistics 259 display ftp-server 260 display ftp-user 261 display garp statistics 262 display garp timer 263 display gvrp statistics 264 display gvrp status 265 display habp 266 display habp table 267 display habp traffic 268 display history-command 269 display hotkey 270 display hwtacacs 272 display icmp statistics 273 display igmp-snooping group 275 display igmp-snooping statistics 277 display info-center 278 display interface 280 display interface vlan-interface 283 display ip host 285 display ip host 286 display ip https 287 display ip interface 288 display ip interface brief 290

CONTENTS

5

display ip ip-prefix 291 display ip routing-table 292 display ip routing-table acl 295 display ip routing-table ip-address 297 display ip routing-table ip-address1 ip-address2 300 display ip routing-table ip-prefix 302 display ip routing-table protocol 304 display ip routing-table statistics 306 display ip socket 307 display ip statistics 309 display ip ipv6-prefix 312 display ipv6 routing-table 314 display ipv6 routing-table acl 316 display ipv6 routing-table ipv6-address 318 display ipv6 routing-table ipv6-prefix 320 display ipv6 routing-table protocol 322 display ipv6 routing-table statistics 324 display ipv6 routing-table verbose 326 display lacp system-id 328 display link-aggregation interface 329 display link-aggregation summary 331 display link-aggregation verbose 332 display local-proxy-arp 334 display local-server statistics 335 display local-user 336 display logbuffer 338 display logbuffer summary 340 display-loopback-detection 341 display mac-address 342 display mac-address aging-time 344 display mac-authentication 345 display memory 347 display mirroring-group 348 display ndp 349 display nqa 352 display ntdp 355 display ntdp device-list 356 display ntp-service sessions 358 display ntp-service status 360 display ntp-service trace 362 display pki certificate 363 display pki certificate access-control-policy 365 display pki certificate attribute-group 366 display pki crl domain 367 display poe device 369 display poe interface 370 display poe interface power 373 display poe-profile 374 display poe-profile interface 376

6

CONTENTS

display poe pse 377 display port 379 display port-group manual 380 display port-isolate group 381 display power 382 display proxy-arp 383 display qos lr interface 384 display qos map-table 385 display qos policy 386 display qos policy interface 387 display qos policy user-defined 389 display qos sp 390 display qos vlan-policy 391 display qos wrr interface 393 display radius 394 display radius statistics 396 display rip 398 display rip database 400 display rip interface 401 display rip route 402 display rmon alarm 404 display rmon event 405 display rmon eventlog 406 display rmon history 407 display rmon prialarm 409 display rmon statistics 410 display route-policy 412 display route-policy 414 display ripng 416 display ripng database 418 display ripng interface 420 display ripng route 422 display rsa local-key-pair public 423 display rsa peer-public-key 425 display saved-configuration 427 display saved-configuration 431 display schedule reboot 434 display sftp client source 435 display snmp-agent 436 display snmp-agent community 437 display snmp-agent group 438 display snmp-agent mib-view 440 display snmp-agent statistics 442 display snmp-agent sys-info 444 display snmp-agent usm-user 445 display ssh client source 446 display ssh server 447 display ssh server-info 449 display ssh user-information 450 display ssl client-policy 451

CONTENTS

7

display ssl server-policy 452 display startup 453 display stop-accounting-buffer 454 display stop-accounting-buffer 456 display stp 457 display stp region-configuration 459 display tcp statistics 460 display tcp status 462 display this 463 display this 464 display time-range 465 display traffic behavior 466 display traffic behavior user-defined 467 display traffic classifier 468 display trapbuffer 469 display udp-helper server 471 display udp statistics 472 display user-interface 474 display users 476 display version 478 display vlan 479 display voice vlan oui 481 display voice vlan state 482 display web users 483 dns domain 484 dns resolve 485 dns server 486 domain 487 dot1x 488 dot1x authentication-method 490 dot1x guest-vlan 492 dot1x handshake 494 dot1x max-user 495 dot1x port-control 496 dot1x port-method 498 dot1x quiet-period 500 dot1x retry 501 dot1x timer 502 duplex 504 enable snmp trap updown 505 escape-key 506 execute 508 exit 509 fast-leave 510 filename 511 file prompt 512 filter 513 filter-policy export 514 filter-policy export 516

8

CONTENTS

filter-policy import 517 filter-policy import 520 fixdisk 521 flow-control 522 flow-control 523 format 524 fqdn 525 free user-interface 526 free web-users 527 frequency 528 ftp 529 ftp-operation 530 ftp server 531 ftp server enable 532 ftp timeout 533 ftp update 534 garp timer 535 garp timer leaveall 537 get 538 get 539 gratuitous-arp-learning enable 540 gratuitous-arp-sending enable 541 group-member 542 group-policy 543 gvrp 545 gvrp registration 546 habp enable 548 habp server vlan 549 habp timer 550 handshake timeout 551 header 552 header 555 help 557 history-command max-size 558 history-records 559 holdtime 560 host-aging-time 561 host-route 562 hotkey 563 http-operation 565 http-string 566 hwtacacs nas-ip 567 hwtacacs scheme 568 idle-cut 569 idle-timeout 570 if-match 571 if-match { acl | ip-prefix } 574 if-match cost 575 if-match cost 576 if-match interface 577

CONTENTS

9

if-match interface 578 if-match ipv6 580 if-match ip 581 if-match tag 582 if-match tag 584 igmp-snooping 585 igmp-snooping drop-unknown 586 igmp-snooping enable 587 igmp-snooping fast-leave 588 igmp-snooping general-query source-ip 590 igmp-snooping group-limit 591 igmp-snooping group-policy 593 igmp-snooping host-aging-time 595 igmp-snooping host join 596 igmp-snooping last-member-query-interval 598 igmp-snooping max-response-time 599 igmp-snooping overflow-replace 600 igmp-snooping querier 602 igmp-snooping query-interval 603 igmp-snooping report-aggregation 604 igmp-snooping router-aging-time 605 igmp-snooping source-deny 606 igmp-snooping special-query source-ip 607 igmp-snooping static-group 608 igmp-snooping static-router-port 610 igmp-snooping version 611 import-route 612 import-route 614 info-center channel name 615 info-center console channel 616 info-center enable 617 info-center logbuffer 618 info-center loghost 619 info-center loghost source 621 info-center monitor channel 622 info-center snmp channel 623 info-center source 624 info-center synchronous 626 info-center timestamp loghost 627 info-center timestamp 628 info-center trapbuffer 629 instance 630 interface VLAN-interface 632 interface 633 ip 634 ip address 635 ip address 636 ip address bootp-alloc 637 ip address dhcp-alloc 638

10

CONTENTS

ip forward-broadcast 639 ip forward-broadcast [acl-number] 640 ip host 641 ip http acl 642 ip http acl 643 ip http enable 644 ip https certificate access-control-policy 645 ip https enable 646 ip https ssl-server-policy 647 ip ip-prefix 648 ip-pool 650 ip redirects enable 651 ip route-static 652 ip route-static default-preference 655 ip ttl-expires enable 656 ip unreachables enable 657 ip ipv6-prefix 658 ipv6 route-static 660 jitter-interval 661 jitter-packetnum 662 jumboframe enable 663 key 664 key 666 lacp port-priority 667 lacp system-priority 668 language-mode 669 last-member-query-interval 670 lcd 671 ldap-server 672 level 673 link-aggregation group description 674 link-aggregation group mode 675 local-proxy-arp enable 676 local-server 677 local-user 679 local-user password-display mode 680 locality 681 lock 682 logging-host 683 loopback 684 loopback-detection control enable 685 loopback-detection enable 686 loopback-detection interval-time 687 loopback-detection per-vlan enable 688 ls 689 ls 690 mac-address (Ethernet Port view) 691 mac-address (System view) 692 mac-address max-mac-count 694 mac-address timer 695

CONTENTS

11

mac-authentication 696 mac-authentication domain 698 mac-authentication timer 699 management-vlan 700 max-response-time 701 mdi 702 mirror-to interface 703 mirroring group 704 mirroring-group mirroring-port 705 mirroring-group monitor-port 706 mirroring-port 707 mkdir 708 mkdir 709 mkdir 710 more 711 move 712 multicast-suppression 713 multicast-vlan enable 714 multicast-vlan subvlan 715 nas-ip 716 nas-ip 717 ndp enable 718 ndp timer aging 719 ndp timer hello 720 network 721 nm-interface vlan-interface 722 nqa 723 nqa-agent enable 724 nqa-agent max-requests 725 nqa-server enable 726 nqa-server tcpconnect 727 nqa-server udpecho 728 ntdp enable 729 ntdp explore 730 ntdp hop 731 ntdp timer 732 ntdp timer hop-delay 733 ntdp timer port-delay 734 ntp-service access 735 ntp-service authentication enable 736 ntp-service authentication-keyid 737 ntp-service broadcast-client 738 ntp-service broadcast-server 739 ntp-service in-interface disable 740 ntp-service max-dynamic sessions 741 ntp-service multicast-client 742 ntp-service multicast-server 743 ntp-service reliable authentication-keyid 744 ntp-service source-interface 745

12

CONTENTS

ntp-service unicast-peer 746 ntp-service unicast-server 748 open 749 organization 750 organizational-unit 751 overflow-replace 752 parity 753 passive 754 password 755 password 756 peer 757 peer-public-key end 758 ping 759 pki certificate access-control-policy 762 pki certificate attribute-group 763 pki delete-certificate 764 pki-domain 765 pki domain 766 pki entity 767 pki import-certificate 768 pki request-certificate 769 pki retrieval-certificate 770 pki retrieval-crl domain 771 pki validate-certificate 772 poe disconnect 773 poe enable 774 poe legacy enable 775 poe max power 776 poe mode 777 poe pd-description 778 poe pd-policy priority 779 poe priority 780 poe-profile 782 poe update 783 poe utilization-threshold 784 port 785 port access vlan 786 port-group 787 port-group aggregation 788 port hybrid pvid vlan 789 port hybrid vlan 790 port-isolate enable 791 port link-aggregation group 792 port trunk permit vlan 793 port trunk pvid vlan 794 prefer-cipher 795 preference 796 preference 798 primary accounting 799 primary accounting 800

CONTENTS

13

primary authentication 801 primary authentication 803 primary authorization 804 probe-failtimes 805 protocol inbound 806 protocol inbound 807 proxy-arp enable 808 public-key-code begin 809 public-key-code end 810 put 811 put 812 pwd 813 pwd 814 pwd 815 qos apply policy 816 qos lr 817 qos map-table 818 qos policy 819 qos priority 820 qos sp 821 qos vlan-policy 822 qos wrr 823 quit 824 quit 825 quit 826 radius nas-ip 827 radius scheme 828 reboot 830 reboot member 831 redirect 832 region-name 833 remark dot1p 834 remark dsc 835 remark ip-precedence 837 remark local-precedence 838 remotehelp 839 rmdir 840 remove 841 rename 842 rename 843 reset acl counter 844 reset arp 845 reset counters interface 846 reset dhcp relay statistics 847 reset dns dynamic-host 848 reset dot1x statistics 849 reset garp statistics 850 reset hwatacs statistics 851 reset igmp-snooping group 852

14

CONTENTS

reset igmp-snooping statistics 853 reset ip ip-prefix 854 reset ip routing-table 855 reset ip statistics 856 reset ip ipv6-prefix 858 reset ipv6 routing-table statistics 860 reset lacp statistics 861 reset logbuffer 862 reset ndp statistics 863 reset qos vlan-policy 864 reset radius statistics 865 reset recycle-bin 866 reset rip statistics 867 reset saved-configuration 868 reset stop-accounting-buffer 869 reset stop-accounting-buffer 871 reset stp 872 reset tcp statistics 874 reset trapbuffer 875 reset udp-helper packet 876 reset udp statistics 877 reset unused porttag 878 restore startup-configuration 879 retry 880 retry realtime-accounting 881 retry stop-accounting 883 retry stop-accounting 884 return 885 revision-level 886 rip 887 rip authentication-mode 888 rip input 889 rip metricin 890 rip metricout 891 rip output 892 rip poison-reverse 893 rip split-horizon 894 rip summary-address 895 rip version 896 rmdir 898 rmdir 899 rmon alarm 900 rmon event 902 rmon history 904 rmon prialarm 905 rmon statistics 907 root-certificate fingerprint 908 route-policy 909 route-policy 912 router-aging-time 914

CONTENTS

15

ripng 916 ripng default-route 918 ripng enable 920 ripng poison-reverse 922 ripng split-horizon 924 ripng summary-address 926 rsa local-key-pair create 927 rsa local-key-pair destroy 928 rsa local-key-pair export 929 rsa peer-public-key 930 rule 931 rule (advanced IPv4 ACL) 932 rule (basic IPv4 ACL) 937 rule (Ethernet frame header ACL) 940 rule comment 942 save 943 schedule reboot at 945 schedule reboot delay 947 screen-length 948 secondary accounting 949 secondary accounting 950 secondary authentication 951 secondary authentication 952 secondary authorization 953 self-service-url 954 send 956 send-trap 957 sendpacket passroute 958 server-type 959 service-type 960 service-type 962 service-type ftp 963 session 964 set authentication password 965 sftp 966 sftp client source 968 sftp server enable 969 sftp server idle time-out 970 shell 971 shutdown 972 shutdown 973 silent-interface 974 snmp-agent 975 snmp-agent community 976 snmp-agent community 977 snmp-agent group 978 snmp-agent group 980 snmp-agent local-engineid 982 snmp-agent mib-view 983

16

CONTENTS

snmp-agent packet max-size 984 snmp-agent sys-info 985 snmp-agent target-host 986 snmp-agent trap enable 988 snmp-agent trap life 990 snmp-agent trap queue-size 991 snmp-agent trap source 992 snmp-agent usm-user 993 snmp-agent usm-user 995 snmp-host 997 source-deny 998 source-interface 999 source-ip 1000 source-port 1001 speed 1002 speed 1003 ssh client authentication server 1004 ssh client first-time enable 1005 ssh client source 1006 ssh server authentication-retries 1007 ssh server authentication time-out 1008 ssh server compatible-ssh1x enable 1009 ssh server enable 1010 ssh server rekey-interval 1011 ssh user assign rsa-key 1012 ssh user authentication-type 1013 ssh user service-type 1015 ssh2 1016 ssl client-policy 1018 ssl server-policy 1019 startup saved-configuration 1020 state 1022 state 1024 state 1026 step 1027 stop-accounting-buffer enable 1028 stop-accounting-buffer enable 1029 stp 1030 stp bpdu-protection 1032 stp bridge-diameter 1033 stp compliance 1034 stp cost 1036 stp edged-port 1038 stp loop-protection 1040 stp max-hops 1041 stp mcheck 1042 stp mode 1043 stp pathcost-standard 1044 stp point-to-point 1046 stp port priority 1047

CONTENTS

17

stp priority 1049 stp region-configuration 1050 stp root primary 1051 stp root-protection 1053 stp root secondary 1054 stp tc-protection 1056 stp timer-factor 1057 stp timer forward-delay 1058 stp timer hello 1060 stp timer max-age 1061 stp transmit-limit 1062 stopbits 1063 summary 1064 super password 1065 sysname 1066 sysname 1067 system-view 1068 tcp timer fin-timeout 1069 tcp timer syn-timeout 1070 tcp window 1071 telnet 1072 terminal debugging 1073 terminal debugging 1074 terminal logging 1075 terminal monitor 1076 terminal trapping 1077 terminal type 1078 test-enable 1079 test-failtimes 1080 test-type 1081 tftp get 1082 tftp put 1083 tftp sget 1084 tftp-server 1085 tftp-server acl 1086 timeout 1087 time-range 1088 timer 1090 timers 1092 timer quiet 1094 timer quiet 1095 timer realtime-accounting 1096 timer realtime-accounting 1098 timer response-timeout 1099 timer response-timeout 1100 timers 1101 topology accept 1103 topology restore-from 1104 topology save-to 1105

18

CONTENTS

tos 1106 tracert 1107 traffic behavior 1109 traffic classifier 1110 ttl 1111 udp-helper enable 1112 udp-helper port 1113 udp-helper server 1114 undelete 1115 unicast-suppression 1116 user 1117 user-interface 1118 username 1119 user-name-format 1120 user-name-format 1121 user privilege level 1122 validate source address 1123 verbose 1124 version 1125 version 1126 virtual-cable-test 1127 vlan 1129 vlan-mapping modulo 1130 voice vlan 1132 voice vlan aging 1133 voice vlan enable 1134 voice vlan mac-address 1135 voice vlan mode auto 1137 voice vlan security enable 1138

ABOUT THIS GUIDE

This guide describes the command line interface (CLI) configuration commands used to control the 3Com Switch 4500G Family of routers.

About This Software Version

The software in the 3Com Switch 4500G Family is a subset of that used in some other 3Com products. Depending on the capabilities of your hardware platform, some commands described in this guide may not be available on your switch, although the unavailable commands may still display on the command line interface (CLI). If you try to use an unavailable command, an error message displays. CAUTION: Any command that displays on the CLI, but is not described in this guide, is not supported in Version #.# software. 3Com only supports the commands described in this guide. Other commands may result in the loss of data, and are entered at the users risk.

Organization of this Manual

The 3Com Switch 4500G Family Command Reference Guide provides detailed information about the web interface and command line interface that enable you to manage the switch. This guide lists all commands in alphabetical order. An index listing of commands organized by function is provided at the end of this document.

Intended Readership

The manual is intended for the following readers:

Network administrators Network engineers Users who are familiar with the basics of networking

Related Documentation

In addition to this guide, the Switch 4500G documentation set includes the following:

3Com Switch 4500G Family Quick Reference Guide This guide contains:

a list of the features supported by the switch. a summary of the command line interface commands for the switch. This guide is also available under the Help button on the web interface.

3Com Switch 4500G Family Getting Started Guide This guide provides preliminary information about hardware installation and communication interfaces.

22

3Com Switch 4500G Family Installation Guide This guide describes the 3Com Switch 4500G Series Ethernet Switches and how to install hardware, configure and boot software, and maintain software and hardware. This guide also provides troubleshooting and support information for your switch.

3Com Switch 4500G Family Configuration Guide This guide provides information about configuring your network using the commands supported by the 3Com Switch 4500G Family.

3Com Switch 4500G Family Release notes These notes provide information about the current software release, including new features, modifications, and known problems. The release notes are supplied in hard copy with the switch.

COMMAND DESCRIPTIONS

42

3Com Switch 5500 Family Command Reference

3Com Switch 4500G Family Command Reference

access-limit 43

access-limitPurposeUse the access-limit command to set the maximum number of access users that can be contained in current ISP domain. Use the undo access-limit command to restore the default maximum number.

Syntax

access-limit { disable | enable max-user-number } undo access-limit

Parameters

disable

Specifies not to limit the number of access users that can be contained in current ISP domain. If not specified, disable is selected by default.

enable max-user-number

Specifies the maximum number of access users that can be contained in current ISP domain. Where, max-user-number ranges from 1 to 1024.

Default

By default, the number of access users that can be contained in current ISP domain is unlimited.

Example

Allow ISP domain aabbc.net to contain at most 500 access users.system-view System View: return to User View with Ctrl+Z. [3Com]domain aabbcc.net [3Com-isp-aabbcc.net] access-limit enable 500

View

This command can be used in the following views:

ISP Domain view

Description

In order to provide reliable performance to the users in the ISP domain, limit the number of access users in an ISP domain because resource contention can occur between access users.

44 accounting

3Com Switch 4500G Family Command Reference

accountingPurposeUse the accounting command to configure the accounting action for the traffic behavior. Use the undo accounting command remove the accounting configuration.

Syntax

accounting undo accounting

Parameters

None

Example

Configure the accounting action for the traffic behavior. system-view System View: return to User View with Ctrl+Z. [3Com] traffic behavior database [3Com-behavior-database] accounting

View

This command can be used in the following views:

Traffic Behavior view

Related Command

qos policy traffic behavior classifier behavior

3Com Switch 4500G Family Command Reference

accounting default 45

accounting defaultPurposeUse the accounting default command to configure an accounting scheme for all users. Use the undo accounting default command to restore the default accounting scheme for all users.

Syntax

accounting default { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo accounting default

Parameters

radius-scheme-name

Name of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local accounting. Unaccounting.

hwtacacs-scheme-name

local none

Default

By default, the local scheme is configured. It should be noted that:

The accounting scheme configured by the accounting default command is applicable to all users. Its priority is lower than that configured by a specified access mode. Local accounting is only used to support the management of local user connections without real statistical function. The management of local connections takes effect for local accounting rather than local authentication and authorization. In the login access mode, accounting is not supported for FTP services.

Example

In the default ISP domain named system, configure local as the default accounting scheme for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] unaccounting default local

In the default ISP domain named system, configure radius as the default accounting scheme named rd for all users and local as backup accounting. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z.

46 accounting default

3Com Switch 4500G Family Command Reference [3Com] domain system [3Com-isp-system] accounting default radius-scheme rd local

In the default ISP domain named system, restore the default accounting scheme for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo accounting default

View

This command can be used in the following views:

ISP Domain view

Related Commands

authentication default authorization default

3Com Switch 4500G Family Command Reference

accounting lan-access 47

accounting lan-accessPurposeUse the accounting lan-access command to configure accounting for a lan-access user. Use the undo accounting lan-access command to remove accounting for a lan-access user.

Syntax

accounting lan-access { radius-scheme radius-scheme-name [ local ] | local | none } undo accounting lan-access

Parameters

radius-scheme-name

Name of RADIUS scheme, a string not exceeding 32 characters. Local accounting. Unaccounting.

local none

Example

In the default ISP domain named system, configure local as the accounting scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] accounting lan-access local

In the default ISP domain named system, configure radius as the accounting scheme named rd for the lan-access user and local as backup accounting. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] accounting lan-access radius-scheme rd local

In the default ISP domain named system, remove the accounting scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo accounting lan-access

View

This command can be used in the following views:

ISP Domain view

Related Command

accounting default

48 accounting login

3Com Switch 4500G Family Command Reference

accounting loginPurposeUse the accounting login command to configure accounting for the login user. Use the undo accounting login command to remove accounting for the login user

Syntax

accounting login { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo accounting login

Parameters

radius-scheme-name

Name of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local accounting. Unaccounting.

hwtacacs-scheme-name

local none

Example

In the default ISP domain named system, configure local as the accounting scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] accounting login local

In the default ISP domain named system, configure radius as the accounting scheme named rd for the login user and local as backup accounting. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] accounting login radius-scheme rd local

In the default ISP domain named system, remove the accounting scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo accounting login

View

This command can be used in the following views:

ISP Domain view

3Com Switch 4500G Family Command Reference

accounting login 49

Related Command

accounting default

50 accounting optional

3Com Switch 4500G Family Command Reference

accounting optionalPurposeUse the accounting optional command to open the accounting-optional switch. Use the undo accounting optional command to close the accounting-optional switch.

Syntax

accounting optional undo accounting optional

Parameters

None

Default

By default, the accounting-optional switch is closed.

Example

Open the accounting-optional switch for the ISP domain named aabbcc.net. system-view System View: return to User View with Ctrl+Z. [3Com] domain aabbcc.net [3Com-isp-aabbcc.net] accounting optional

View

This command can be used in the following views:

ISP Domain view

Description

When the system charges an online user but does not find any available RADIUS accounting server or fails to communicate with any RADIUS accounting server, the user can continue the access to network resources if the accounting optional command has been used; otherwise, the user is disconnected from the system. The accounting optional command is often used in the cases where only authentication is needed and no accounting is needed. When you execute the accounting optional command, the system does not send real time accounting updating packets and accounting-stop packets to all users in RADIUS scheme.

3Com Switch 4500G Family Command Reference

acl 51

aclPurposeUse the acl command enter ACL view. If the ACL does not exist, it is created first. Use the undo acl command to remove a specified or all IPv4 ACLs.

Syntax

acl number acl-number [ match-order { config | auto } ] undo acl { number acl-number | all }

Parameters

number acl-number

Defines a numbered access control list (ACL). IPv4 ACL number in the range 2000 to 4999, where:

2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Ethernet frame header ACLs

match-order

Sets the order in which ACL rules are matched.

config: Performs matching against rules in the order in which they are configured. auto: Performs depth-first match.

all

All IPv4 ACLs.

Default

By default, the match order is config.

Example

Create IPv4 ACL 2000 system-view System View: return to User View with Ctrl+Z. [3Com] acl number 2000 [3Com-acl-basic-2000]

View

This command can be used in the following views:

System view

52 acl

3Com Switch 4500G Family Command Reference

aclPurposeUse the acl command to apply an ACL to filter Telnet users. Use the undo acl command to disable the switch from filtering Telnet users using the ACL.

Syntax

acl acl-number { inbound | outbound } undo acl { inbound | outbound }

Parameters

acl-number

ACL number ranging from 2,000 to 4,999. where:

2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Layer 2 ACLs

inbound outbound

Filters the users Telneting to the current switch. Filters the users Telneting to other switches from the current switch.

Example

Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL 2,000 already exists.). system-view System View: return to User View with Ctrl+Z. [3Com] user-interface vty 0 4 [3Com-ui-vty0-4] acl 2000 inbound

View

This command can be used in the following views:

User Interface view

Description

If you use Layer 2 ACL rules, you can only choose the inbound keyword in the command here.

3Com Switch 4500G Family Command Reference

activation-key 53

activation-keyPurposeUse the activation-key command to define a shortcut key for starting a terminal session. Use the undo activation-key command to restore the default shortcut key.

Syntax

activation-key character undo activation-key

Parameters

character

Shortcut key for starting terminal sessions, a character or its ASCII decimal equivalent. Valid values are from 0 to 127; or any string of 1 to 3 characters.

Default

By default, pressing Enter key will start a terminal session.

Example

Use character s as the shortcut key for starting terminal sessions.Set the shortcut key for starting terminal sessions to . system-view System View: return to User View with Ctrl+Z. [3Com] user-interface aux 0 [3Com-ui-aux0] activation-key s To verify the configuration, do the following:

Exit the terminal session on the aux port, and enter at the prompt of "Please press ENTER". You will see the terminal session being started.[3Com-ui-aux0] return quit ********************************************************************** * * Copyright(c) 2004-2006 3Com Corporation. * * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ********************************************************************** * User interface aux0 is available.

Please press ENTER. %Apr 28 04:33:11:611 2005 3Com SHELL/5/LOGIN: Console login from aux0

View

This command can be used in the following views:

User Interface view

54 activation-key

3Com Switch 4500G Family Command Reference

Description

Use these two commands in the AUX user interface only. You can use a single character (or its corresponding ASCII code value in the range 0 to 127) or a string of 1 to 3 characters to define a shortcut key. In the latter case, the system takes only the first character to define the shortcut key. For example, if you input an ASCII code value 97, the system will set the shortcut key to ; if you input the string b@c, the system will set the shortcut key to . You may use the display current-configuration command to verify the shortcut key you have defined.3Com Switch 4500G Family Command Referenceactive region-configuration 55active region-configurationPurposeUse the active region-configuration command to activate the settings of an MST (multiple spanning tree) region.Syntaxactive region-configurationParametersNoneExampleActivate MST region configuration manually. system-view System View: return to User View with Ctrl+Z. [3Com] stp region-configuration [3Com-mst-region] active region-configurationViewThis command can be used in the following views:MST Region viewDescriptionYour configuration of MST region-related parameters, especially the VLAN-to-instance mapping table, may result in network topology instability. In order to reduce the possibility of this configuration instability, MSTP does not launch a new spanning tree computing process when processing MST region-related configurations. The region configuration only takes effect only when you take one of the following actions: activate the MST region-related parameters that you configured enable MSTPWhen you carry out this command, MSTP replaces the currently running MST region-related parameters with the parameters that you configured and performs spanning tree computing again.Related Commands check region-configuration instance region-name revision-level vlan-mapping modulo56 add-member3Com Switch 4500G Family Command Referenceadd-memberPurposeUse the add-member command to add a candidate device to a cluster.Syntaxadd-member [ member-number ] mac-address mac-address [ password password ]Parametersmember-numberMember number assigned to the candidate device to be added to a cluster. This argument ranges from 1 to 255. MAC address of the candidate device (in hexadecimal). Password of the candidate device, a string comprising 1 to 256 characters. The password is required when you add a candidate device to a cluster. However, this argument is not needed if the candidate device is not configured with a password.mac-address passwordExampleAdd a candidate device to the cluster, setting the member number to 6. (Assume that the MAC address and user password of the candidate device are 00E0-fc00-35e7 and 123456.) system-view System View: return to User View with Ctrl+Z. [aaa_0.3Com] cluster [aaa_0.3Com-cluster] add-member 6 mac-address 00E0-fc00-35e7 password 123456ViewThis command can be used in the following views:Cluster viewDescriptionYou can add a candidate device to a cluster on the management device only. If you do not specify the member number when adding a cluster member, the management device assigns the least available member number to it. After a candidate device is added to a cluster, its device password becomes the management device password.3Com Switch 4500G Family Command Referenceadministrator-address 57administrator-addressPurposeUse the administrator-address command to set the MAC address of the management device on a member device. Use the undo administrator-address command to remove a member device from the cluster, usually for debugging or restoration.Syntaxadministrator-address mac-address name name undo administrator-addressParametersmac-addressMAC address of the management device (in hexadecimal). Name of an existing cluster, a string comprising up to 8 characters, which can only be alphanumeric characters, subtraction sign (-), and underline (_).name nameDefaultBy default, a switch belongs to no cluster.ExampleRemove a member device from the cluster. System View: [aaa_0.3Com] [aaa_0.3Com] system-view return to User View with Ctrl+Z cluster undo administrator-addressViewThis command can be used in the following views:Cluster viewDescriptionadministrator-address can only be executed on a candidate device, undo administrator-address can only be executed on a member device. A cluster contains one (and only one) management device. After rebooting, a member device identifies the management device by the MAC address of the management device. Use the delete-member command to remove a cluster member from a cluster on the management device.58 apply cost3Com Switch 4500G Family Command Referenceapply costPurposeUse the apply cost command to set the cost for routing information. Use the undo apply cost command to remove the clause configuration.Syntaxapply cost [ + | - ] value undo apply costParameters+ valueIncreases cost value. Decreases cost value. Cost for routing information. Valid values are 0 to 4294967295.DefaultNo cost is set for routing information by default.ExampleSet the cost for routing information to 120.[3Com-route-policy] apply cost 120ViewThis command can be used in the following views:Routing Policy viewRelated Commands if-match interface if-match { acl | ip-prefix } if-match cost if-match tag if-match tag apply ip-address next-hop apply tag3Com Switch 4500G Family Command Referenceapply cost 5960 apply cost3Com Switch 4500G Family Command Referenceapply costPurposeUse the apply cost command to set the cost for routing information cost. Use the undo apply cost command to remove the clause configuration.Syntaxapply cost [ + | - ] value undo apply costParameters+: Increases the cost value. -: Decreases the cost value. cost: Specifies routing information a cost for routing information, ranging from 0 to 4294967295.Example# Set the cost for routing information cost to 120.system System View: return to User View with Ctrl+Z. [4500G]route-policy 2 permit node 3 New Sequence of this List [4500G-route-policy] apply cost 120ViewRouting policy viewDescriptionNo cost is set for routing information. It is configured by default. Related commands: if-match interface, if-match ipv6, if-match cost, if-match tag, route-policy , and apply ipv6 next-hop and apply tag3Com Switch 4500G Family Command Referenceapply ip-address next-hop 61apply ip-address next-hopPurposeUse the apply ip-address next-hop command to set the next hop for IPv4 routing information. Use the undo apply ip-address next-hop command to remove the clause configuration.Syntaxapply ip-address next-hop ip-address undo apply ip-address next-hopParametersip-addressIP address of next hop.DefaultNo next hop address is configured for IPv4 routing information by default.ExampleSet the next hop address as 193.1.1.8 for routing information.[3Com-route-policy] apply ip-address next-hop 193.1.1.8ViewThis command can be used in the following views:Routing Policy viewDescriptionYou cannot use the apply ip-address next-hop command to set a next hop address when redistributing routes.Related Commands if-match interface if-match acl if-match ip-prefix if-match ip next-hop if-match cost if-match tag route-policy apply cost apply tag62 apply ipv6 next-hop3Com Switch 4500G Family Command Referenceapply ipv6 next-hopPurposeUse the display ip ipv6-prefix command to display the statistics of the specified IPv6 address prefix list. If no address IPv6 prefix list name is specified, the statistics of all the address IPv6 prefix lists will be displayed.Syntaxdisplay ip ipv6-prefix [ ipv6-prefix-name ]Parametersipv6-prefix-name: IPv6 prefix list name, in the range of 1 to 19 characters.Example# Display the statistics of all the IPv6 address prefix lists. display ip ipv6-prefix Prefix-list6 abc Permitted 0 Denied 0 index: 10 permit ::/0 index: 20 permit ::/1 128ge1leViewAny viewDescriptionTable 1 displays the ip ipv6-prefix command fields.Table 1 The display ip ipv6-prefix command fieldsField Prefix-list6 Permitted Denied index permit ::/1 ge le Description Name of address IPv6 prefix list (ipv6-prefix) Number of routes satisfying the matching condition Number of routes not satisfying the matching condition Internal serial number of address prefix list Matching mode, having two values: permit and , deny Matched IPv6 address and its prefix length for matching greater-equal, the minimum length of matched IPv6 prefix less-equal, the maximum length of matched IPv6 prefix3Com Switch 4500G Family Command Referenceapply poe-profile 63apply poe-profilePurposeUse the apply poe-profile command to apply the existing PoE Profile configuration to the specified Ethernet port. Use the undo apply poe-profile command to delete the PoE Profile configuration for the specified Ethernet port.Syntaxapply poe-profile { index index | name profile-name } undo apply poe-profile { index index | name profile-name }Parametersindex indexSpecifies the index number of the PoE configuration file. Valid values are 1 to 100. Specifies the name of the PoE configuration file. The file name consists of 1 to 15 characters.name profile-nameExampleApply the PoE configuration file named A20 to the PoE interface GigabitEthernet1/0/1. system-view [3Com] interface GigabitEthernet1/0/1 [3Com-GigabitEthernet1/0/1] apply poe-profile name A20 [3Com-GigabitEthernet1/0/1] display this interface GigabitEthernet1/0/1 port link-mode route apply poe-profile index 1ViewThis command can be used in the following views:PoE Interface viewDescriptionOnly one PoE Profile can be in use at any time for each Ethernet port. The index number, instead of the name, of the PoE configuration file will be displayed when you execute the display this command.Related Commands display poe-profile apply poe-profile64 apply poe-profile interface3Com Switch 4500G Family Command Referenceapply poe-profile interfacePurposeUse the apply poe-profile interface command to apply the PoE configuration file to one or more PoE interfaces. Use the undo apply poe-profile interface command to remove the application of the PoE configuration file to the specified PoE interface(s).Syntaxapply poe-profile { index index | name profile-name } interface interface-range undo apply poe-profile { index index | name profile-name } interface interface-rangeParametersindex indexSpecifies the index number of the PoE configuration file. The index number ranges from 1 to 100. Specifies the name of the PoE configuration file. The file name consists of 1 to 15 characters. Range of Ethernet interface numbers, indicating multiple Ethernet interfaces. The expression is interface-range = interface-type interface-number [ to interface-type interface-number ]. Where interface-type interface-number represents the interface type and interface number. The start interface number should be less than the end interface number. Ethernet interface numbers can be in any range. If any interface in the specified range does not support PoE, it will be ignored when the PoE configuration file is applied.name profile-nameinterface-rangeExampleApply the PoE configuration file named ABC to the PoE interface GigabitEthernet1/0/1. system-view [3Com] apply poe-profile name ABC interface GigabitEthernet1/0/1Apply the indexed PoE configuration file to PoE interfaces GigabitEthernet1/0/2 through GigabitEthernet1/0/8. system-view [3Com] apply poe-profile index 5 interface GigabitEthernet1/0/2 to GigabitEthernet1/0/8ViewThis command can be used in the following views:System view3Com Switch 4500G Family Command Referenceapply poe-profile interface 65Related Commands apply poe-profile display poe-profile interface66 apply preference3Com Switch 4500G Family Command Referenceapply preferencePurposeUse the apply preference command to set preference for routing protocol. Use the undo apply preference command to remove the clause configuration.Syntaxapply preference preference undo apply preferenceParameterspreferenceRouting preference. Valid values are 1 to 255.DefaultNo preference is set for routing protocol by default.ExampleSet the preference for routing protocol to 90.[3Com-route-policy] apply preference 90ViewThis command can be used in the following views:Routing Policy view3Com Switch 4500G Family Command Referenceapply preference 6768 apply preference3Com Switch 4500G Family Command Referenceapply preferencePurposeUse the apply preference command to set routing preference for routing protocol. Use the undo apply preference command to remove the clause configuration.Syntaxapply preference preference undo apply preferenceParameterspreference: Routing preference, in the range of 1 to 255.Example# Set the preference for routing protocol preference to 90.system System View: return to User View with Ctrl+Z. [4500G]route-policy 2 permit node 3 New Sequence of this List [4500G-route-policy] apply preference 90ViewRouting policy viewDescriptionNo routing preference is configured for routing protocol by default.3Com Switch 4500G Family Command Referenceapply tag 69apply tagPurposeUse the apply tag command to set specified tag value of routing information. Use the undo apply tag command to remove the clause configuration.Syntaxapply tag value undo apply tagParametersvalueSet the tag value for routing information. Valid values are 0 to 4294967295.DefaultNo routing tag is set by default.ExampleDefine an apply clause, setting the tag to 100 for routing information.[3Com-route-policy] apply tag 100ViewThis command can be used in the following views:Routing Policy viewRelated Commands if-match interface if-match { acl | ip-prefix } if-match cost if-match tag route-policy apply ip-address next-hop apply cost70 apply tag3Com Switch 4500G Family Command Referenceapply tagPurposeUse the apply tag command to set routing specified tag value for the routing information. Use the undo apply tag command to remove the clause configuration.Syntaxapply tag value undo apply tagParametersvalue: Specifies the tag value for routing information, ranging from 0 to 4294967295.Example# Define an apply clause, and configure the routing tag as 100 for routing information.system System View: return to User View with Ctrl+Z. [4500G]route-policy 2 permit node 3 New Sequence of this List [4500G-route-policy] apply tag 100ViewRouting policy viewDescriptionNo routing tag is set for the routing information by default. Related command: if-match interface, if-match ipv6,if-match cost, if-match tag, route-policy, apply ipv6 next-hop and apply cost.3Com Switch 4500G Family Command Referencearp check enable 71arp check enablePurposeUse the arp check enable command to enable ARP entry checking, preventing the device from learning multicast MAC addresses. Use the undo arp check enable command to disable the function, allowing the device to add multicast MAC addresses into the ARP mapping table.Syntaxarp check enable undo arp check enableParametersNoneDefaultBy default, ARP entry checking is enabled.ExampleEnable the device to add multicast MAC addresses into the ARP mapping table. system-view System View: return to User View with Ctrl+Z. [3Com] undo arp check enableViewThis command can be used in the following views:System view72 arp max-learning-num3Com Router 5000 Family and Router 6000 Family Command Referencearp max-learning-numPurposeUse the arp max-learning-num command to set the maximum number of ARP entries that an interface can learn. Use the undo arp max-learning-num command to restore the default.Syntaxarp max-learning-num number undo arp max-learning-numParametersnumberMaximum number of ARP entries that an interface can learn. Valid values are 1 to 2048. If no value is specified, the default is 2048.ExampleSpecify interface VLAN40 to learn up to 500 ARP entries. system-view System View: return to User View with Ctrl+Z. [3Com] interface Vlan-interface 40 [3Com-Vlan-interface40]arp max-learning-num 500ViewThis command can be used in the following views:VLAN Interface view3Com Switch 4500G Family Command Referencearp static 73arp staticPurposeUse the arp static command to configure the static ARP entry in the ARP mapping table. Use the undo arp ip_address command to remove an ARP entry.Syntaxarp static ip_address mac_address [ vlan_id interface_type interface_number }] undo arp ip_addressParametersip-address mac-addressIP address for ARP mapping. MAC address for ARP mapping, in the format of H-H-H. VLAN for the static ARP entry to belong to. Valid values are 1 to 4094. The vlan-id argument is used to configure ARP entries on Ethernet switches and must be the ID of an existing VLAN interface. In addition, the Ethernet interface following the argument must belong to that VLAN. Specifies an interface by its type and numbervlan-idinterface-type interface-numberExampleConfigure ARP entry 202.38.10.2 to 00e0-fc01-0000 for interface GE1/0/2 of VLAN 1. system-view System View: return to User View with Ctrl+Z. [3Com] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/2Configure ARP entry 129.102.0.1 to 00e0-fc01-0000.[3Com] arp static 129.102.0.1 e0-fc01-0ViewThis command can be used in the following views:System viewDescriptionA static ARP mapping is effective when the device works normally. However, when the VLAN or VLAN interface to which an ARP entry of a switch corresponds is deleted, the entry is deleted accordingly.Related Commands reset arp display arp74 arp timer aging3Com Switch 4500G Family Command Referencearp timer agingPurposeUse the arp timer aging command to set the aging timer for dynamic ARP entries. Use the undo arp timer aging command to restore the default.Syntaxarp timer aging aging-time undo arp timer agingParametersaging-timeAging time for dynamic ARP entries in minutes.Valid values are 1 to 1440. If no value is specified, the default is 20.ExampleSet the aging timer for dynamic ARP entries to 10 minutes. system-view System View: return to User View with Ctrl+Z. [3Com] arp timer aging 10ViewThis command can be used in the following views:System viewRelated Commanddisplay arp timer aging3Com Switch 4500G Family Command Referenceascii 75asciiPurposeUse the ascii command to configure data transmission mode as ASCII mode.SyntaxasciiParametersNoneDefaultBy default, the file transmission mode is ASCII mode.ExampleEnter FTP client view. ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none): switch 331 Password required for switch. Password: 230 User logged in.Set the file transfer mode to ASCII.[ftp] ascii 200 Type set to A.ViewThis command can be used in the following views:FTP Client viewDescriptionFTP provides two file transfer modes: ASCII and binary. To transfer text files, use the ASCII mode; to transfer program files, use the binary mode.76 attribute3Com Switch 4500G Family Command ReferenceattributePurposeUse the attribute command to set the attributes of a user whose service type is lan-access. Use the undo attribute command to cancel attribute settings of the user.Syntaxattribute { ip ip-address | mac mac-address | idle-cut minute | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port portnumber } undo attribute { ip | mac | idle-cut | access-limit | vlan | location }*Parametersip ip-addressSets the IP address of the user. The attribute ip command for a local user only applies to 3Com 802.1x clients. If you configure this command on a non-3Com client, local authentication will fail. Sets the MAC address of the user. Where, mac-address is in H-H-H format. Allows the local user to enable the idle-cut function. Where, minute is the idle time before cutting down, which ranges from 1 minutes to 120 minutes. Sets the maximum number of users who can access the switch with current user name. Where, max-user-number ranges from 1 to 1024. Sets the VLAN attribute of the user (that is, which VLAN the user belongs to). Where, vlan-id is an integer ranging from 1 to 4094. Sets the port binding attribute of the user. Sets the IP address of the access server to which the user is bound to. Where, ip-address is in dotted decimal notation and is 127.0.0.1 (representing this device) by default. If the user is bound to a remote port, you must specify the nas-ip parameter. If the user is bound to a local port, you need not specify the nas-ip parameter. Sets the port bound with the user.mac mac-addressidle-cut minuteaccess-limit max-user-numbervlan vlan-idlocation nas-ip ip-addressport portnumberExampleSet the IP address of user1 to 10.110.50.1. system-view System View: return to User View with Ctrl+Z. [4500G] local-user user1 New local user added. [4500G-luser-user1] attribute ip 10.110.50.13Com Switch 4500G Family Command Referenceattribute 77ViewThis command can be used in the following views:Local User viewRelated Commanddisplay local-user78 attribute3Com Switch 4500G Family Command ReferenceattributePurposeUse the attribute command to configure attribute rules of certificate issuers, certificate subject names, or alternate certificate subject names. Use the undo attribute command to remove a certificate attribute rule or all the certificate attribute rules.Syntaxattribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ} attribute-value undo attribute { id | all }Parametersid alt-subject-name issuer-name subject-name dn fqdn ip ctn equ nctn nequ attribute-valueCertificate attribute rule ID. Valid values are 1 to 16. Specifies the alternate name of the certificate subject. Specifies the name of a certificate issuer Specifies the name of the certificate subject. Specifies the entity DN Specifies the entity FQDN. Specifies the entity IP address. Specifies the "contain" relationship operator. Specifies the "equal to" relationship operator. Specifies the "not contain" relationship operator. Specifies the "not equal to" relationship operator. Attribute value to be set, a string comprising of 1 to 128 characters. Note that attribute values are not case-sensitive. Specifies all the certificate attribute rules.all:DefaultBy default the following are not limited: certificate issuers certificate subject names certificate subject names alternate certificate subject namesSince the alternate certificate subject names cannot be in the form of domain name, the dn keyword is unavailable to the attribute id alt-subject-name command.3Com Switch 4500G Family Command Referenceattribute 79ExampleCreate a certificate attribute rule to specify the DN of the certificate subject name contains the string "abc". system-view [3Com] pki certificate attribute-group mygroup [3Com-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abcCreate a certificate attribute rule to specify the issuer name FQDN is not the string "abc".[3Com-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abcCreate a certificate attribute rule to specify the IP address contained in the alternate subject name is not 10.0.0.1.[3Com-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1ViewThis command can be used in the following views:Certificate Attribute Group viewRelated Commanddisplay local-user80 authentication default3Com Switch 4500G Family Command Referenceauthentication defaultPurposeUse the authentication default command to configure authentication scheme for all users. Use the undo authentication default command to restore the default authentication scheme for all users.Syntaxauthentication default { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo authentication defaultParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local authentication. Unauthentication.hwtacacs-scheme-namelocal noneDefaultBy default, the local authentication is used. The authentication scheme configured by the authentication default command is applicable to all users. But its priority is lower than that configured by a special access mode.ExampleIn the default ISP domain named system, configure local as the default authentication for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication default localIn the default ISP domain named system, configure radius as the default authentication scheme named rd for all users and local as backup authentication. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication default radius-scheme rd localIn the default ISP domain named system, restore the default authentication scheme for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system3Com Switch 4500G Family Command Reference [3Com-isp-system] undo authentication defaultauthentication default 81ViewThis command can be used in the following views:ISP Domain viewRelated Commands accounting default authorization default82 authentication lan-access3Com Switch 4500G Family Command Referenceauthentication lan-accessPurposeUse the authentication lan-access command to configure authentication scheme for a lan-access user. Use the undo authentication lan-access command to remove authentication scheme for a lan-access user.Syntaxauthentication lan-access { radius-scheme radius-scheme-name [ local ] | local | none } undo authentication lan-accessParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Local authentication. Unauthentication.local noneExampleIn the default ISP domain named system, configure local as the authentication scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication lan-access localIn the default ISP domain named system, configure radius as the default authentication named rd for the lan-access user and local as backup authentication. Note that rd authentication must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication lan-access radius-scheme rd localIn the default ISP domain named system, remove the authentication scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo authentication lan-accessViewThis command can be used in the following views:ISP Domain viewRelated Commandauthentication default3Com Switch 4500G Family Command Referenceauthentication login 83authentication loginPurposeUse the authentication login command to configure authentication for a login user. Use the undo authentication login command to remove authentication for a login user.Syntaxauthentication login { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo authentication loginParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local authentication. Unauthenticationhwtacacs-scheme-namelocal noneExampleIn the default ISP domain named system, configure local as the authentication scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication login localIn the default ISP domain named system, configure radius as the default authentication named rd for the login user and local as backup authentication. Note that the rd authentication must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authentication login radius-scheme rd localIn the default ISP domain named system, remove the authentication scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo authentication loginViewThis command can be used in the following views:ISP Domain view84 authentication login3Com Switch 4500G Family Command ReferenceRelated Commandauthentication default3Com Switch 4500G Family Command Referenceauthentication-mode 85authentication-modePurposeUse the command authentication-mode to specify the authentication mode.Syntaxauthentication-mode { none | password | scheme [ command-authorization ] }Parametersnone password schemeDoes not authenticate users. Authenticates users using the local password. Authenticates users locally or remotely using usernames and passwords. Performs command authorization on TACACS authentication server.command-authorizationDefaultBy default, users logging in through the Console port are not authenticated, whereas modem users and Telnet users are authenticated.ExampleConfigure to authenticate users using the local password. system-view System View: return to User View with Ctrl+Z. [3Com] user-interface aux 0 [3Com-ui-aux0] authentication-mode passwordViewThis command can be used in the following views:User Interface viewDescriptionUse this command to configure the authentication method for a user at log in.If you specify the password keyword to authenticate users using the local password, set the local password using the set authentication password { cipher | simple } command. If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configurations. Refer to the Security module of this manual for more information. If this command is executed with the command-authorization keywords specified, authorization is performed on the TACACS server whenever you attempt to execute a command, and the command can be executed only when you pass the authorization. Normally, a TACACS server contains a list of the commands available to different users.The type of the authentication depends on your network configuration. For further information, see AAA and RADIUS.86 authorization command3Com Switch 4500G Family Command Referenceauthorization commandPurposeUse the authorization command command to configure the authorization scheme for a CLI user. Use the undo authorization command command to remove the authorization scheme for a CLI user.Syntaxauthorization command hwtacacs-scheme hwtacacs-scheme-name undo authorization commandParametershwtacacs-scheme-nameThe name of a TACACS+ scheme, comprised of a string of up to 32 characters.ExampleIn the default ISP domain named system, configure TACACS+ as the authorization scheme named hw for the CLI user. Note that the hw authorization must be already configured. system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization command hwtacacs-scheme hwViewThis command can be used in the following views:ISP Domain viewRelated Commandauthentication default3Com Switch 4500G Family Command Referenceauthorization default 87authorization defaultPurposeUse the authorization default command to configure the default authorization for all users. Use the undo authorization default command to restore the default authorization scheme for all users.Syntaxauthorization default { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo authorization defaultParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local authorization. Direct authorization. In this case, the user passes the authentication directly, but only owns the default rights.hwtacacs-scheme-namelocal noneDefaultBy default, the local authorization is used. It should be noted that:The authorization scheme configured by the authorization default command is applicable to all users. Its priority is lower than that configured by a specified access mode. As a special procedure, RADIUS authorization takes effect when the radius schemes for authentication and authorization are similar. In case of failure to all RADIUS authorization, the reason returned to NAS is that the Server did not respond.ExampleIn the default ISP domain named system, configure local as the default authorization for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization default localIn the default ISP domain named system, configure radius as the default authorization named rd for all users and local as backup authorization. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system88 authorization default3Com Switch 4500G Family Command Reference [3Com-isp-system] authorization default radius-scheme rd localIn the default ISP domain named system, restore the default authorization scheme for all users.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo authorization defaultViewThis command can be used in the following views:ISP Domain viewRelated Commands authentication default accounting default3Com Switch 4500G Family Command Referenceauthorization lan-access 89authorization lan-accessPurposeUse the authorization lan-access command to configure authorization for a lan-access user. Use the undo authorization lan-access command to remove authorization for a lan-access user.Syntaxauthorization lan-access { radius-scheme radius-scheme-name [ local ] | local | none } undo authorization lan-accessParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Local authorization. Direct authorization. In this case, the user passes the authentication directly, but only owns the default rights.local noneExampleIn the default ISP domain named system, configure local as the authorization scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization lan-access localIn the default ISP domain named system, configure radius as the authorization scheme named rd for the lan-access user and local as backup authorization. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization lan-access radius-scheme rd localIn the default ISP domain named system, remove the authorization scheme for the lan-access user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo authorization lan-accessViewThis command can be used in the following views:ISP Domain view90 authorization lan-access3Com Switch 4500G Family Command ReferenceRelated Commandauthorization default3Com Switch 4500G Family Command Referenceauthorization login 91authorization loginPurposeUse the authorization login command to configure authorization for a login user. Use the undo authorization login command to remove authorization for a login user.Syntaxauthorization login { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none } undo authorization loginParametersradius-scheme-nameName of RADIUS scheme, a string not exceeding 32 characters. Name of TACACS+ scheme, a string not exceeding 32 characters. Local authorization. Direct authorization. In this case, the user passes the authentication directly, but only owns the default rights.hwtacacs-scheme-namelocal noneExampleIn the default ISP domain named system, configure local as the authorization scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization login localIn the default ISP domain named system, configure radius as the authorization scheme named rd for the login user and local as backup authorization. Note that the rd scheme must be already configured. Related command: radius scheme.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] authorization login radius-scheme rd localIn the default ISP domain named system, remove the authorization scheme for the login user.system-view System View: return to User View with Ctrl+Z. [3Com] domain system [3Com-isp-system] undo authorization loginViewThis command can be used in the following views:ISP Domain view92 authorization login3Com Switch 4500G Family Command ReferenceRelated Commandauthorization default3Com Switch 4500G Family Command Referenceauto-build 93auto-buildPurposeUse the auto-build command to automatically build a cluster.Syntaxauto-build [ recover ]ParametersrecoverEstablishes communication with all the member devices again.ExampleSet up a cluster automatically. system-view System View: return to User View with Ctrl+Z. [3Com] cluster [3Com-cluster] auto-build There is no base topology, if set up from local flash file?(Y/N) n Please input cluster name:aa Collecting candidate list, please wait... Candidate list: Name 3Com 3Com 3Com a 2024C Hops 1 2 2 2 2 MAC Address Device 00e0-fc02-2180 3Com S3552G 00e0-fc00-5502 3Com S5528C-SI 00e0-fc00-5601 S5600 0012-a990-2241 S3900 000f-e200-00cc 3Com S2024CProcessing...please wait Cluster auto-build Finish! 2 member(s) added successfully. [aa_0.3Com-cluster]ViewThis command can be used in the following views:Cluster viewDescription You can execute this command on a candidate device or a management device. When you use this command on a candidate device, you will be required to enter the cluster name and build a cluster. Then the system will collect candidates and automatically add the collected candidates into the cluster. When you use this command on a management device, the system will collect candidates directly and automatically add them into the cluster. The recover keyword is used to recover a cluster. Using the auto-build recover command, you can find the members that are not currently in the member list and add them to the cluster.94 auto-build3Com Switch 4500G Family Command ReferenceEnsure that NTDP is enabled, because it is the basis of candidate and member collection. The collection range is also decided through NTDP. You can use the hop command in system view to modify the collection range. If a member is configured with a password different from the password of the management device, it cannot be automatically added to the cluster.3Com Switch 4500G Family Command Referenceauto-execute command 95auto-execute commandPurposeUse the auto-execute command command to set the command that is executed automatically after a user logs in. Use the undo auto-execute command command to disable the specified command from being automatically executedSyntaxauto-execute command text undo auto-execute commandParameterstextSpecifies that the command be run automatically.DefaultBy default, no command is automatically executed.ExampleConfigure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0. system-view System View: return to User View with Ctrl+Z. [4500G] user-interface vty0 [4500G-ui-vty0] auto-execute command telnet 10.110.100.1ViewThis command can be used in the following views:VTY User Interface viewDescriptionNormally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically. CAUTION:The auto-execute command may cause you to be unable to perform common configuration in the user interface, so use it with caution. Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other modes and cancel the configuration.96 backup startup-configuration3Com Switch 4500G Family Command Referencebackup startup-configurationPurposeUse the backup startup-configuration command to back up the configuration file for next startup with the destination file name.Syntaxbackup startup-configuration to dest-addr [dest-filename ]Parametersdest-addr dest-filenameIP address or host name of the TFTP server. Name of a destination file. You need to save the startup configuration file with this file name on the server.ExampleBack up the configuration file for next startup in the TFTP server whose IP address is 2.2.2.2, with the file name config.cfg. backup startup-configuration to 2.2.2.2 config.cfg Backup next startup-configuration file to 2.2.2.2, please wait finished! ViewThis command can be used in the following views:User viewDescriptionIf you do not specify the destination file name, you can back up the configuration file with its original name. Currently the device backs up configuration files through TFTP.3Com Switch 4500G Family Command Referencebinary 97binaryPurposeUse the binary command to specify that files be transferred in binary mode. That is, data is transferred in binary streams.SyntaxbinaryParametersNoneDefaultBy default, the file transfer mode is ASCII.ExampleEnter FTP client view. ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none): switch 331 Password required for switch. Password: 230 User logged in.Set the FTP file transfer mode to binary.[ftp] binary 200 Type set to I.ViewThis command can be used in the following views:FTP Client viewDescriptionFTP provides two file transfer modes: ASCII and binary. To transfer text files, use the ASCII mode; to transfer program files, use the binary mode.98 black-list add-mac3Com Switch 4500G Family Command Referenceblack-list add-macPurposeUse the black-list add-mac command to add a device into the blacklist. This command can be executed only on the management device.Syntaxblack-list add-mac mac-addressParametersmac-addressMAC address of the device that will be added into the blacklist, in the format of H-H-H. DescriptionExampleInsert the device to black-list.system-view [aa_0.3Com]cluster [aa_0.3Com-cluster] black-list add-mac 0ec0-fc00-0001 Insert the MAC to the black-list successful!ViewThis command can be used in the following views:Cluster view3Com Switch 4500G Family Command Referenceblack-list delete-mac 99black-list delete-macPurposeUse the black-list delete-mac command to delete a device from the blacklist.Syntaxblack-list delete-mac { all | mac-address }Parametersmac-addressMAC address of the device that will be deleted from the blacklist, in the format of H-H-H. This command can be executed only on the management device. DescriptionExampleDelete the device from black-list.system-view [aa_0.3Com]cluster [aa_0.3Com-cluster] black-list delete-mac 0ec0-fc00-0001 The black-list is cleared!Clear all the device from black-listsystem-view [aa_0.3Com]cluster [aa_0.3Com-cluster] black-list delete-mac allViewThis command can be used in the following views:Cluster view100 boot-loader3Com Switch 4500G Family Command Referenceboot-loaderPurposeUse the boot-loader command to configure the .app file to be used the next time the switch is booted.Syntaxboot-loader file file-url { main | backup }Parametersfile-urlPath and name of .app file, a string of 1 to 63 characters. Specified the main .app file for boot. Specified the backup .app file for boot.main backupDefaultThe main .app file is loaded during the boot process.ExampleSpecify the .app application to be used during the boot process. boot-loader file plat.app main This command will set boot file, Continue? [Y/N]:y The specified file will be used as a main boot file at the next time!ViewThis command can be used in the following views:User viewRelated Commanddisplay boot-loader3Com Switch 4500G Family Command Referencebootrom 101bootromPurposeUse the bootrom command to upgrade the Bootrom of device.Syntaxbootrom update file file-urlParametersUpdate file-urlUpdate Bootrom. Path and name of an BootROM file, comprised of a string of 1 to 63 characters.ExampleUpgrade the Bootrom of the switch using the file named a.btm. bootrom update file a.btm This command will update bootrom file, Continue? [Y/N]y Now updating bootrom, please wait...ViewThis command can be used in the following views:User view102 bootrom-update security-check enable3Com Switch 4500G Family Command Referencebootrom-update security-check enablePurposeUse the bootrom-update security-check enable command to enable file validity check for upgrading. Use the undo bootrom-update security-check enable command to disable file validity check for upgrading.Syntaxbootrom-update security-check enable undo bootrom-update security-check enableParametersNoneDefaultThe validity check function is disabled at the time of upgrading a Bootrom file.ExampleEnable file validity check for upgrading Bootrom. system-view System View: return to User View with Ctrl+Z. [3Com] bootrom-update security-check enableViewThis command can be used in the following views:System viewDescriptionSince the Bootrom files of switching processing units (SRPUs) and line processing units (LPUs) vary with devices, users are easily confused to make mistakes when upgrading Bootrom files. After the validity check function is enabled, the device strictly checks Bootrom upgrade files for correctness and version configuration information to ensure a successful upgrade.3Com Switch 4500G Family Command Referencebroadcast-suppression 103broadcast-suppressionPurposeUse the broadcast-suppression command to configure broadcast storm suppression ratio. Use the undo broadcast-suppression command to restore the broadcast suppression ratio.Syntaxbroadcast-suppression { ratio | pps max-pps } undo broadcast-suppressionParametersratioSpecifies the allowed maximum ratio of the broadcast traffic to the total bandwidth on one or each port. Valid values for this argument are 1 to 100 (in increments of 1). The smaller the value of this argument, the smaller the allowed-to-pass broadcast traffic is. If not specified, the default is 100. Maximum number of broadcast packets allowed to pass through each Ethernet port per second. Valid values are 1 to 1,488,000.max-ppsDefaultBy default, all broadcast traffic is allowed to go through an Ethernet Interface, that is, broadcast traffic is not suppressed.ExampleAllow 20% of broadcast traffic to pass through the interface GigabitEthernet 1/0/28. system-view [3Com] interface GigabitEthernet 1/0/28 [3Com-GigabitEthernet1/0/28] broadcast-suppression 20ViewThis command can be used in the following views: Ethernet Interface view Port Group viewDescriptionThe above commands apply: When executed under Ethernet interface view, to the current port only. When executed under port group view, to all ports in a port group.In order to ensure that the network functions properly, when broadcast traffic exceeds the maximum value configured, the system discards the extra packets so that the traffic ratio falls below the limit again.104 build3Com Switch 4500G Family Command ReferencebuildPurposeUse the build command to configure or modify the cluster name. Use the undo build command to remove a cluster.Syntaxbuild name undo buildParametersnameCluster name, a string comprising up to 8 characters, which can only be alphanumeric characters, subtraction sign (-), and underline (_).DefaultBy default, a switch is not a management device.ExampleConfigure the current switch to be a management device and specify the cluster name to be aabbcc.system-view [3Com]cluster [3Com-cluster] build aabbccViewThis command can be used in the following views:Cluster viewDescriptionIf the build command is executed on the candidate device, the current switch will be configured as the management device and assigned with a cluster name. If the build command is executed on the management device, the cluster name will be modified. The member number of a management device is 0. After the cluster is set up, the switch will collect the topology information of the network at the set interval and add the detected candidate devices into the cluster automatically. If it is unnecessary to add the candidate switches into the cluster automatically, you can set the interval of topology collection to 0, that is, topology collection is not performed periodically.3Com Switch 4500G Family Command Referencebye 105byePurposeUse the bye command to disconnect from the remote FTP server and exit to user view.SyntaxbyeParametersNoneExampleEnter FTP client view ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none): switch 331 Password required for switch. Password: 230 User logged in.Terminate the connection with the remote FTP server and exit to user view.[ftp] bye 221 Server closing.ViewThis command can be used in the following views:FTP Client viewDescriptionThis command has the same function as the exit and quit commands.106 bye3Com Switch 4500G Family Command ReferencebyePurposeUse the bye command to terminate the connection to the remote SFTP server and return to system view.SyntaxbyeParametersNoneExampleTerminate the connection to the remote SFTP server (assume that the server IP address is 10.1.1.2). system-view System View: return to User View with Ctrl+Z. [4500G] sftp 10.1.1.2 sftp-client> bye [4500G]ViewThis command can be used in the following views:SFTP Client viewDescriptionThis command has the same function as the exit and quit commands.3Com Switch 4500G Family Command Referenceca identifier 107ca identifierPurposeUse the ca identifier command to specify the CA this device trusts and have the "name" CA bound with this device. Use the undo ca identifier command to delete the CA this device trusts.Syntaxca identifier name undo ca identifierParametersnameCA identifier this device trusts. Valid values are 1 to 63 characters long.DefaultBy default, no trusted CA is specified.ExampleSpecify the name of the CA this device trusts system-view [3Com] pki domain 1 [3Com-pki-d